For security, it may be advisable to only allow multicast traffic into the SR-series routers from recognized multicast routers and servers. Multicast packets arriving on other interfaces (for example, customer-facing SAPs or spoke SDPs) can be filtered out by defining an appropriate IP filter policy.
For details on how to configure a filter policy, see section Creating an IP Filter Policy in the Router Configuration Guide.
The following example shows a sample IP filter policy configuration dropping all multicast traffic:
A:ALA-48>config>filter>ip-filter# info
----------------------------------------------
ip-filter 1 create
entry 1 create
match
dst-ip 239.0.0.0/24
exit
action accept
exit
entry 2 create
match
dst-ip 239.0.0.0/4
exit
action drop
exit
exit
----------------------------------------------
A:ALA-48>config>filter>ip-filter#
The following example shows how to apply this sample IP filter policy to a SAP:
A:ALA-48>config>service>vpls # info
----------------------------------------------
sap 1/1/1:1
ingress
filter ip 1
exit
exit
exit
----------------------------------------------
A:ALA-48>config>service>vpls>snooping#